#include <sodium.h>
#include "dnsname.hh"
+#include "lock.hh"
#define DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE (crypto_sign_ed25519_PUBLICKEYBYTES)
#define DNSCRYPT_PROVIDER_PRIVATE_KEY_SIZE (crypto_sign_ed25519_SECRETKEYBYTES)
static DNSCryptExchangeVersion getExchangeVersion(const unsigned char esVersion[sizeof(DNSCryptCert::esVersion)]);
static DNSCryptExchangeVersion getExchangeVersion(const DNSCryptCert& cert);
- DNSCryptContext(const std::string& pName, const std::string& certFile, const std::string& keyFile);
- DNSCryptContext(const std::string& pName, const DNSCryptCert& certificate, const DNSCryptPrivateKey& pKey);
+ struct CertKeyPaths
+ {
+ std::string cert;
+ std::string key;
+ };
- void reloadCertificate();
+ DNSCryptContext(const std::string& pName, const std::vector<CertKeyPaths>& certKeys);
+ DNSCryptContext(const std::string& pName, const DNSCryptCert& certificate, const DNSCryptPrivateKey& pKey);
+ ~DNSCryptContext();
+
+ void reloadCertificates();
void loadNewCertificate(const std::string& certFile, const std::string& keyFile, bool active=true, bool reload=false);
void addNewCertificate(const DNSCryptCert& newCert, const DNSCryptPrivateKey& newKey, bool active=true, bool reload=false);
+
void markActive(uint32_t serial);
void markInactive(uint32_t serial);
void removeInactiveCertificate(uint32_t serial);
- std::vector<std::shared_ptr<DNSCryptCertificatePair>> getCertificates() { return certs; };
+ std::vector<std::shared_ptr<DNSCryptCertificatePair>> getCertificates() { return d_certs; };
const DNSName& getProviderName() const { return providerName; }
int encryptQuery(char* query, uint16_t queryLen, uint16_t querySize, const unsigned char clientPublicKey[DNSCRYPT_PUBLIC_KEY_SIZE], const DNSCryptPrivateKey& clientPrivateKey, const unsigned char clientNonce[DNSCRYPT_NONCE_SIZE / 2], bool tcp, uint16_t* encryptedResponseLen, const std::shared_ptr<DNSCryptCert>& cert) const;
private:
static void computePublicKeyFromPrivate(const DNSCryptPrivateKey& privK, unsigned char pubK[DNSCRYPT_PUBLIC_KEY_SIZE]);
static void loadCertFromFile(const std::string&filename, DNSCryptCert& dest);
+ static std::shared_ptr<DNSCryptCertificatePair> loadCertificatePair(const std::string& certFile, const std::string& keyFile);
+
+ void addNewCertificate(std::shared_ptr<DNSCryptCertificatePair>& newCert, bool reload=false);
- pthread_rwlock_t d_lock;
- std::vector<std::shared_ptr<DNSCryptCertificatePair>> certs;
+ ReadWriteLock d_lock;
+ std::vector<std::shared_ptr<DNSCryptCertificatePair>> d_certs;
+ std::vector<CertKeyPaths> d_certKeyPaths;
DNSName providerName;
- std::string certificatePath;
- std::string keyPath;
};
bool generateDNSCryptCertificate(const std::string& providerPrivateKeyFile, uint32_t serial, time_t begin, time_t end, DNSCryptExchangeVersion version, DNSCryptCert& certOut, DNSCryptPrivateKey& keyOut);
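Review bot: `getCertificates()` copies `d_certs` in its inline body without taking `d_lock`, so a caller can read the vector while `reloadCertificates()`, `addNewCertificate()` or `removeInactiveCertificate()` is modifying it. Those mutators are only declared in these lines, so this assumes they change `d_certs` under the write side of `d_lock`; if they do, the unlocked copy is a data race on the container holding the certificate and key pairs. I would keep only the declaration `std::vector<std::shared_ptr<DNSCryptCertificatePair>> getCertificates();` in the header and define it in the implementation file, acquiring the read side of `d_lock` before returning the copy. The class declaration begins above the lines shown, so other accessors that touch `d_certs` may need the same check.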